Loading summary
Maria Varmaz
You're listening to the Cyberwire Network powered by N2K.
N2K Announcer
AI is making phishing attacks faster, more convincing and harder for people to spot, and traditional security awareness and phishing training weren't designed for this level of attack. HOX Hunt helps security teams prepare employees for the attacks they face every day with personalized phishing training that adapts to each employee and reduces risky behavior over time for IT and security leaders looking to strengthen their human layer of defense without adding more manual work. Visit hoxhunt.com cyberwire to learn more. That's H o X h u n t.com cyberwire.
Maria Varmaz
International operation disrupts Amity and Steelsea malware infrastructure Australian spy chief warns nation state hackers are pre positioning for future sabotage Stealthy new backdoor may be tied to initial access Broker researchers uncover Cordyceps supply chain flaw Iran linked muddy water disguises espionage as ransomware attack Cal Water says Handela's hacking claims were overstated. Report says Russia continued using Celebrate phone hacking tools after the Chinese Cybersecurity firm unveils AI tools to rival Anthropic's mythos. DraftKings hacker is sentenced to 18 months and our guest today is Eric Krohn, CISO advisor at KnowBeFor sharing the details of the CAPI program and more than meets the IP. Today is Thursday, June 25, 2026. I'm Maria Varmaz is on the mic for the vacationing Dave Buettner and this is your Cyber Wire Intel Briefing. Thanks for joining me today. Let's get started. Europol announced yesterday that a major law enforcement and industry operation disrupted infrastructure used by two leading strains of malware, Amadae and Steel C. The operation focused on the cybercriminal supply chain as Amadi and Steel C are frequently used to stage additional attacks. Microsoft used AI assisted analysis to determine that the two strains of malware relied on the same infrastructure, then used the Ricoh act to obtain legal bases to disrupt more than 200 command and control servers. The effort was also assisted by ESET, BitSight, Lumen, IBM Xforce Proofpoint and Mitsui Busan Secure Directions or mbsd, as well as law enforcement enforcement agencies from Canada, Denmark, Germany, the Netherlands, the United States and the United Kingdom. The operation follows last week's disruption of the Sock Golish malware operation by the Dutch police. Australia's top intelligence official is warning that nation state hackers have infiltrated a critical infrastructure provider, stealing administrator credentials and mapping networks so they could disrupt services at a time of their choosing. ASIO Director General Mike Burgess said the intrusion was detected and attributed before any damage occurred, but warned that cyber sabotage is becoming a growing national security concern. While he did not identify the country responsible, Burgess said one nation state in particular is aggressively targeting energy, communications and defense related infrastructure across the region to establish persistent access for potential future conflicts. Symantec and Carbon Black have published a report on a new backdoor that surfaced in April 2026. The malware tracked as Backdoor mystic may be tied to woodnat, which is an initial access broker that peddles to ransomware gangs. The researchers note that the stealth of the backdoor is also notable, as is the fact that woodnat is also possibly behind the development of Modelo Rat, indicating a group that is quite highly skilled at the development of stealthy remote access tools. This indicates it is a group that should be actively tracked, as it could continue to develop custom tools as well as widen the pool of ransomware actors that it works with. Researchers at Novi Security have disclosed a new class of software supply chain weaknesses, dubbed cordyceps that affects CICD workflows used by major open source projects. After scanning roughly 30,000 high impact repositories, the team identified 654 potentially vulnerable projects and confirmed more than 300 as fully exploitable. The flaws could allow attackers, even those with only a free GitHub account, to hijack build pipelines, steal credentials, inject malicious code or compromise software releases. The researchers say the issue stems from insecure GitHub Actions workflow configurations rather than GitHub itself, and warns that AI coding assistance may inadvertently propagate these insecure patterns across the software ecosystem. Researchers at NCC Group say the Iran linked hacking group Muddy Water is increasingly disguising espionage campaigns as ransomware attacks to complicate attribution and distract defenders. In a recently analyzed intrusion, the attackers posed as members of the Chaos ransomware operation, using Microsoft Teams, social engineering, credential theft and remote access tools to establish long term access before exfiltrating data and demanding a ransomware. Researchers believe the extortion was largely a smokescreen, with the real objective being intelligence collection and persistent network access on behalf of Iran's Ministry of Intelligence and Security. California Water Service, better known as Cal Water, has completed its investigation into claims made by the Iranian hacktivist group Handala, concluding that the hackers overstated their access and did not have the ability to disrupt OT systems. Handala, which is likely backed by the Iranian government, said it could have physically disrupted the water supply after gaining access to industrial control systems, but decided not to do so. Cal Water retained Mandiant to investigate the incident and the cybersecurity firm found that the hackers had only compromised two IT user accounts belonging to a third party service provider. Cal Water retained Mandiant to investigate the incident and the cybersecurity firm found that the hackers had only compromised two IT user accounts belonging to third party service providers. Calwater stated the investigation determined that the threat actor accessed one active customer's online calwater account using stolen user credentials. The customer account did not provide access to the billing system and no payment information was compromised. The threat actor also accessed an external third party website related to a GPS location correction tool. However, the website does not contain any confidential or sensitive information. A new investigation by Citizen Lab has found that Russian authorities continued using cellebrite's mobile forensic tools months after the Israeli company halted sales to Russia in 2021. Researchers say the software was used to extract data from the phone of imprisoned opposition politician Andrei Pivovarov, with the evidence later used in his prosecution. The findings raise questions about vendors ability to control previously deployed forensic tools after cutting ties with authoritarian governments. Cellebrite says any post2021 use in Russia was unauthorized and involved legacy equipment no longer supported by the company. Chinese cybersecurity company 360 Security Technology has unveiled two AI powered security tools that it says rival Anthropic's advanced Mythos system. One tool is designed to automatically discover software vulnerabilities, while the other automates cyber defense and incident response. The announcement comes as the United States restricts exports of Anthropic cybersecurity AI over national security concerns. We should note that Reuters says that these claims are not independently verified. For its part, 360 Security Technology says its vulnerability finding model has already uncovered more than 3,400 software flaws, framing the effort as a strategic response to what it sees as an intensifying AI driven cybersecurity competition between the United States and China. 21 year old Nathan Ostad of Minnesota has been sentenced to 18 months in prison after pleading guilty to his role in a November 2022 hack of the DraftKings betting platform, all according to a new report from Bleeping computer. Ostad and two accomplices were accused of compromising 60,000 DraftKings user accounts and selling access to the account for hundreds of thousands of dollars. The two co conspirators are already serving prison sentences to pay $463,000 in forfeiture and over a million dollars in restitution. Stay with us after the break. We are joined by Eric Krohn, CISO advisor at KnowBe4, who is sharing the details of the CAPI, or cyber awareness Program for you that offers free cybersecurity training for families and more than meets the ip. Stick with us.
N2K Announcer
When it comes to mobile application security, good enough is a risk. A recent Survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guard Square delivers the highest level of security for your mobile apps without compromising performance time to market or user experience. Discover how Guard Square provides industry leading security for your Android and iOS apps at www.guardsquare.com foreign. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for. Every vendor that turns on AI features, every new integration, each one creates another opportunity for something to go wrong. And most security programs just weren't built for AI's pace of growth. Enter Vanta. Vanta is the one agentic trust platform used by more than 16,000 fast moving companies like Ramp, Cursor and Harvey to help ensure they're always audit ready. And now Vanta is helping companies watch for the risks that show up between audits across vendors, AI tools and their entire environment. The Vanta agent works like a 24.7grc engineer in the background, finding issues, drafting fixes and cutting vendor assessment time by up to 50%. Whether you're a fast growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today@vanta.com cyber that's V A N T A dot com cyber.
Maria Varmaz
Recently Dave Bittner sat down with Eric Krohn, CISO advisor at KnowBe4 as they discussed the details of CAPI, which is the cyber awareness program for you. And it's a program that offers free cybersecurity training for families. Here's their conversation.
Eric Krohn
We've been doing like a home course for a long time and we realize that these scammers and stuff, although we're known for business stuff, they're, they're going after people too at home and it's kind of our mission. So what we started thinking about is more and more of these kids are being faced with technology at younger, younger ages. I mean it's like everywhere they've got all kinds of power in their pocket and also older people are having to deal with technology that they're not necessarily comfortable with. And so we really wanted to help those folks out.
N2K Announcer
Well, describe to us what someone is going to encounter when they go visit this online hub.
Eric Krohn
Yeah. So the first thing that I think is awesome about this, I mean, I really, really love it, is you're not going to be asked to give like a bunch of your information or sign up for anything or whatever. It's really just there for people to look at different types of education that's available for folks. And it's tailored towards kids or some fun little stuff, animation, things like that, but also towards older folks as well. So it's really just a nice portal you can go to and pick some of the things you want to learn about, get to know a little more about, and become a little bit more Internet savvy.
N2K Announcer
Well, can you give us some examples of the types of things people can learn here?
Eric Krohn
Yeah, I mean, we're obviously talking about things like your credentials and how you deal with that. We're talking about some of the different scams that are out there and how to recognize it. Those are big ones. I mean, essentially we're giving people all that kind of they know just to get up to speed. Now, of course, these aren't super deep dives and everything. I mean, we don't get into the technical psychology behind some of these scams that are going after people. But what we wanted to do is be quick and easy and something that they can digest. And it's being updated now, which I really, really like. We're constantly updating this as new things come out. I was actually talking to one of the folks that helped build this out the other day, and we were talking about how much they want to be doing and more content in this. And there's already quite a bit of content about all the different things that people face out there on the Internet.
N2K Announcer
Well, one of the things that caught my eye is it's kind of fun for all ages. As they say, you've got things there from the kids who are just starting out with their online journey. For teens and even the adults, this is really a place the whole family could get together and there's something there everyone can enjoy.
Eric Krohn
Yeah, 100%. And we've had a home course for many, many years. Okay. Not a lot of people knew about it, but it was designed that people who used our services could take this and give it to their family and stuff. But it was just kind of a generic overall covers everybody, single course that people could run through, and that was okay. But I mean, honestly, we're at a Point where there's more things that more generations are facing more often these days. And we felt like it needed to be broken up a little bit. So, yeah, that's why we have it for kids and teens. I mean, we're all exposed to different things online because we go to different places online. I don't necessarily expect senior citizens to be worried about their Roblox account being taken over. Right, right. That's just not the area they go in. So it doesn't help necessarily to teach them about scams that are around. That and vice versa. You know, you're not going to give a young adult a bunch of investment type stuff, you know, I mean, that just doesn't click with them. So we wanted to make sure that it covers all of those different ranges.
N2K Announcer
Why was it important for this to be free?
Eric Krohn
Oh, well, I mean, gatekeeping this stuff for the general public is very unfortunate. And from the ground up, we designed this to be free to not gather information, to not do that, because we want people to go there and just watch this stuff. We want the friction to be extremely low when people are connecting with this. I mean, how many times have you gone somewhere and you start along the path and it's asking you all these questions. You got to give it information, just abandon it. You're like, no, I'm out of here. Don't want to do this. Well, I mean, we've all kind of been there, right? It gets old. Well, if we want people to actually ingest this and use it, we felt like it should be free and easy for them.
N2K Announcer
What sort of feedback have you gotten so far?
Eric Krohn
I've gotten great feedback. I'm out on the road quite a bit. I talk mostly to technical people and at different conferences, employees and, and stuff too. But those that are seeing this and hearing it absolutely love it. They love the idea. And again, it kind of goes back to our mission and what we do well, which is education, of course. Our, our bread and butter is education in the workforce. And of course we're dealing with topics like AI and, and AI agents and dealing with securing those. So we go much deeper on that side. But on the flip side, those people that we're teaching in these organizations, they have family at home and they have friends, and we all have family and friends. I mean, it's out there. And these, these scams and these attacks are just getting worse and worse all the time. And as a matter of fact, if my wife and I, a friend of ours yesterday, we started seeing some really odd posts on Facebook from Them. And it was. It started off with, hey, I'm here with my uncle. He's not well, et cetera, et cetera. Wish us luck. You know, like, okay, cool. You know, like, two hours later, we. We see this post pop up, and it's like, hey, we've decided to pay for his treatments, and he's in the hospital, and we need to sell off some of his stuff. So here's a bunch of stuff for sale. I'm out of town with him right now. If you want to leave a deposit, we will hold the item for you. Then you can inspect it. If you don't like it, you get the money back.
Advertisement Voice
But.
Eric Krohn
But even my wife looked at that and went, this seems really, really weird that this would be going on.
N2K Announcer
And then.
Eric Krohn
So she already keyed in on it, which I love. That makes me happy to know that she's seeing this stuff and going, wait a minute, red flags are up. And I showed her. You start looking through the pictures and all of the backgrounds of these different razors and cars and UTV type stuff. It's all different. Like, the house in the background, the driveway is different. And sure enough, we got a post today going, hey, someone had taken over my account, so it's happening to everybody.
N2K Announcer
How did you go about behind the scenes mapping out the curriculum that you wanted to cover here?
Eric Krohn
Well, I'll tell you, that entirely goes to some of our coworkers here. I am not a content person, but Anna Callard is the one. Her and I got on a phone call one time and chatted about this, and we were talking about how great it would be because she knows I'm super passionate about this. She was actually the founder of Popcorn Training, which is an organization that we acquired years ago for their content. And they make amazing content. So one thing leads to another. We get off that call, and it seemed like no time later, she's like, check it out. Look what we got going. And, man, they just knocked it out. It was impressive. Impressive. So they're actually the ones that kind of came up with the content, looking around, going, all right. But they've been doing that for, you know, a decade and a half or so, so they're not new to that.
N2K Announcer
Well, I have to say, Eric, I'm a big fan. I mean, I think those of us in cybersecurity or those who are even adjacent to it, you know, we often find ourselves playing that part with our family and friends of being the one they come to for advice, for questions that they have. And this is just another resource that we can share so that they can learn this stuff at their own pace.
Eric Krohn
Yeah, absolutely. And I'll tell you Dave, I'm almost 10 years now with KnowBe4. It'll be 10 years in July, which is a huge long time and I'm a very technical person in the background, but realize the human thing throughout the years. But I'll tell you right now, the reason I'm with knowbe4 and have been with knowbe4 so long is our mission, which is to help people, essentially. Yeah, sure, we gotta keep the lights on and it's always nice to, you know, to have a product to sell, but our mission has always been to help the workforce, to help organizations avoid this and to be able to branch out even more to doing it for the people at home, the people that aren't even with the company or have any subscription is fantastic. And this is the stuff that motivates me. It makes me feel great about working for knowbe4 for so long.
Maria Varmaz
That was Dave Bittner and Eric Krohn discussing capi, a program that offers free cybersecurity training for families.
N2K Announcer
Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With ThreatLocker allow listing, you stop unknown executables cold. With ring fencing, you control how trusted applications behave, and with threatlocker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. ThreatLocker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.
Home Depot Announcer
Heat up your fourth of July at the Home Depot with our wide variety of grills under $300 and make every gathering one to remember. Give your outdoor space a glow up, whatever your budget is, with savings on seasonal plants starting at $5. With the grill fired up and your backyard set to perfection, you'll be able to invite friends and family over to to kick off the party. Start celebrating with low prices guaranteed at the Home Depot. Prices may vary by store exclusions Apply to see home depot.com pricematch for details.
Maria Varmaz
And finally, if you are worried about the apps on your phone researchers have a suggestion for you. Maybe it's time for you to take a look at the ones on your TV too. Yeah after scanning more than 6,000 apps across LG and Samsung Smart TVs researchers found over 2,000 contained software that could monetize a user's residential Internet connection by routing third party traffic through the home network. Many of the apps appeared completely harmless things like screensavers, clocks, fish tanks and simple games, but were also functioning as residential proxy infrastructure. Behind the scenes, Researchers say smart TVs are particularly attractive for this because they're often always on, rarely monitored, and often treated more like furniture than as computers. The report also notes that Amazon explicitly bans this category of software, and Roku has reportedly blocked similar apps, while LG and Samsung have not established equivalent public policies. So the takeaway here for you is that your smart TV may be smarter and busier than you think. After all, nobody expects a clock app to tell time, display the weather and moonlight as network infrastructure. And that's the Cyberwire Daily brought to you by N2K CyberWire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilfi is our publisher and I'm your host Maria Varmazes, in this week for Dave Bittner. Thanks for listening. We'll see you tomorrow.
Advertisement Voice
Your package says delivered, but delivered where exactly? The hallway? The lobby? Your neighbor's apartment? Instead of playing detective with your deliveries, get a mailbox at the UPS store. We'll sign for your packages, text you when they arrive and keep your deliveries low key under lock and key. Get 3 months free mailbox services with a new annual agreement at the UPS store. For full details and to get your Coupon, visit the upsstore.com offer.
Host: Maria Varmazes (for Dave Bittner)
Guest Interview: Eric Krohn, CISO Advisor at KnowBe4
This episode of CyberWire Daily offers a fast-paced rundown of major cybersecurity news, highlighting international malware takedowns, espionage trends, threat actor activities, and new vulnerabilities in software supply chains. The show’s centerpiece interview features Eric Krohn from KnowBe4, who introduces the free Cyber Awareness Program for You (CAPI), focused on making security education accessible to families of all ages.
[02:05]
“The operation focused on the cybercriminal supply chain as Amity and Steelsea are frequently used to stage additional attacks.” — Maria Varmazes [02:35]
[03:12]
Backdoor.Mystic & Woodnat Ties [04:23]:
Cordyceps Supply Chain Flaw [05:12]:
“The flaws could allow attackers, even those with only a free GitHub account, to hijack build pipelines, steal credentials, inject malicious code or compromise software releases.” — Maria Varmazes [05:37]
Cal Water Hack Overhyped [07:08]:
Russian Use of Cellebrite Tools [08:12]:
China’s 360 Security Unveils AI Security Tools [08:48]:
DraftKings Hacker Sentenced [09:32]:
Segment begins at [12:02]
“More and more kids are being faced with technology at younger, younger ages... also older people are having to deal with technology that they're not necessarily comfortable with.” — Eric Krohn [12:34]
[13:01]
“You're not going to be asked to give like a bunch of your information or sign up for anything... it's really just there for people to look at different types of education and... become a little bit more Internet savvy.” — Eric Krohn [13:05]
[13:42]
[15:00]
“I don't necessarily expect senior citizens to be worried about their Roblox account being taken over... So it doesn't help necessarily to teach them about scams that are around that, and vice versa.” — Eric Krohn [15:27]
[16:15]
"Gatekeeping this stuff for the general public is very unfortunate. And from the ground up, we designed this to be free, to not gather information, to not do that, because we want people to go there and just watch this stuff." — Eric Krohn [16:18]
“They love the idea. And again, it kind of goes back to our mission... which is education, of course. Our bread and butter is education in the workforce.” — Eric Krohn [17:12]
[23:33]
“Nobody expects a clock app to tell time, display the weather and moonlight as network infrastructure.” — Maria Varmazes [23:52]
For links to all stories and further resources, visit the daily briefing at thecyberwire.com.